Details
-
Enhancement
-
Resolution: Done
-
Critical
-
SSO72 1.0.0.GA, TEMPLATE 1.4.10.GA
-
Documentation (Ref Guide, User Guide, etc.), Interactive Demo/Tutorial, User Experience
-
CLOUD Maintenance Sprint 16
Description
Currently available application templates for RH-SSO for OpenShift image expect the user to provide definition of:
- SSL keystore,
- JGroups keystore, and
- SSL truststore
in order the TLS (https) configuration for the image to work correctly. Since the SSL keystore / truststore and JGroups keystore configuration is not trivial, it creates initial barrier for image adoption / use.
To lower this initial barrier, the RH-SSO application templates should be refactored to:
- Utilize the OpenShift's internal / integral serving certificate secrets service functionality to generate the TLS certificate / key pair automatically,
- Utilize re-encrypt TLS mode / route type instead the current passthrough one,
- Use the OpenShift's init containers functionality to convert the previously generated PEM format based TLS certificate/key pair into PKCS12 format, and dynamically create necessary Java keystore/truststore from these.
Demo implementation / blog about the idea:
Other resources / examples:
- https://github.com/jboss-container-images/datagrid-7-image/blob/datagrid-services-dev/templates/caching-service.json#L38
- https://github.com/jboss-container-images/datagrid-7-image/blob/datagrid-services-dev/templates/caching-service.json#L275-L317
- https://github.com/jboss-container-images/datagrid-7-image/blob/datagrid-services-dev/templates/caching-service.json#L261
Attachments
Issue Links
- is related to
-
CLOUD-2249 The Middleware products that use HTTP(S) transport should be as easy to bring up as Python or Node.JS
-
- New
-
